Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Oracle
  • Glassfish Server

Configuration 1 [-]

OR cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html cve-icon cve-icon
http://www.securityfocus.com/bid/95478 cve-icon cve-icon
History

Wed, 09 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2024-10-09T20:04:51.630Z

Reserved: 2016-06-16T00:00:00

Link: CVE-2016-5528

cve-icon Vulnrichment

Updated: 2024-08-06T01:07:57.755Z

cve-icon NVD

Status : Modified

Published: 2017-01-27T22:59:00.193

Modified: 2024-11-21T02:54:31.753

Link: CVE-2016-5528

cve-icon Redhat

No data.